Menu

Over several months, Michael Hunter, in his blog on Dr. Dobb’s Portal, ran a series of posts with the title of "You Are Not Done Yet", each of which picked an area of a software deliverable and listed items that a tester needs to consider before considering themselves done testing it. This is a great series and I have referred numerous individuals to it time and again.

I recently wanted to refer someone to it and it took me a while to find the particular URL I needed. So, in order to save myself some time, here is the link to the table of contents to all of the articles in the series.

Bruce McLeod recently posted on the topic of browser compatibility testing. This is an excellent post and I agree with Bruce’s analysis as to what to include and to why. It was also timely because Google’s Chrome had just gone out of beta which spurred me to reconsider what to include in my matrix.

What is lacking in Bruce’s post is an analysis of which operating systems should each browser be run on. This is especially important when considering Firefox which is often run on Windows, Linux and Mac. Taking Bruce’s list, I would modify it as follows:

Internet Explorer 7.x – Windows Vista

Internet Explorer 6.x – Windows XP

Firefox 3.0 – Windows XP or Windows Vista

Firefox 3.0 – Mac OS X

Safari 3.x – Mac OS X

Internet Explorer 8.x – Windows Vista

Google Chrome – Windows XP or Windows Vista

This is what I would put on my tier B list (after completing the list above):

While it has been a while since I needed to do installer testing, I recently researched a product that may be helpul in this task. Sandboxie strives to isolate programs from making changes to the rest of the operating system. The Sandboxie website describes it as:

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

Sandboxie adds a third approach to installer testing. The first approach, to install over and over on the same instance, is expediant but not necessarily the most realistic. The second approach is to re-image / restore the system. When I first started, this meant using a program such as Ghost, now owned by Symantec. This approach has been supplanted using virtual machines. Virtual machines have made this process much faster.

Using Sandboxie, it is possible to have the cleanliness afforded by virtual machine or images plus the expediency of installing over and over on the same system. On a single system, multiple sandboxes could be created – one for each install test. This approach seems reasonable to me. It is still necessary to do installer testing on native system, but this can be done after many bugs our found and resolved.

In the past, the TRACE command in the HTTP specification was considered a “safe” command. However, due to the information disclosed combined with other cross-domain exploits, TRACE is no longer considered safe. See US-CERT Vulnerability Note VU#867593 for more information.

I was asked how to verify that the TRACE command (in Apache) is disabled. The easiest way to do this is to use telnet. Launch telnet.

telnet hostname 80
Now, we can issue the TRACE command for a given url.